From e8781f70a5b210a1b08cff8ce05895ebcec18d83 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 21 Jan 2015 18:04:18 +0100 Subject: [PATCH] netfilter: nf_tables: disable preemption when restoring chain counters With CONFIG_DEBUG_PREEMPT=y [22144.496057] BUG: using smp_processor_id() in preemptible [00000000] code: iptables-compat/10406 [22144.496061] caller is debug_smp_processor_id+0x17/0x1b [22144.496065] CPU: 2 PID: 10406 Comm: iptables-compat Not tainted 3.19.0-rc4+ # [...] [22144.496092] Call Trace: [22144.496098] [] dump_stack+0x4f/0x7b [22144.496104] [] check_preemption_disabled+0xd6/0xe8 [22144.496110] [] debug_smp_processor_id+0x17/0x1b [22144.496120] [] nft_stats_alloc+0x94/0xc7 [nf_tables] [22144.496130] [] nf_tables_newchain+0x471/0x6d8 [nf_tables] [22144.496140] [] ? nft_trans_alloc+0x18/0x34 [nf_tables] [22144.496154] [] nfnetlink_rcv_batch+0x2b4/0x457 [nfnetlink] Reported-by: Andreas Schultz Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 7e686948ddca..b54360634e95 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1134,9 +1134,11 @@ static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr) /* Restore old counters on this cpu, no problem. Per-cpu statistics * are not exposed to userspace. */ + preempt_disable(); stats = this_cpu_ptr(newstats); stats->bytes = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES])); stats->pkts = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS])); + preempt_enable(); return newstats; }